gouthamr | this list doesn't seem accurate, does it? https://launchpad.net/~ossg-coresec/+members#active | 19:43 |
---|---|---|
gouthamr | this one seems closer to reality: https://launchpad.net/~openstack-vuln-mgmt/+members#active | 19:45 |
fungi | they were two different groups | 19:47 |
gouthamr | yep; maybe ossg-coresec should be reformed, or retired? | 19:48 |
fungi | the ossg (openstack security group) was a collection of volunteer security folks from various companies with interests in improving openstack's overall security. the ossg later became the security project, and was eventually retired when it became defunct | 19:48 |
fungi | the ossg is loosely succeeded by the openstack security sig now | 19:48 |
gouthamr | ah, that LP group is still linked out of https://wiki.openstack.org/wiki/Security_Teams and https://docs.openstack.org/project-team-guide/vulnerability-management.html | 19:49 |
fungi | i agree "something" needs to be done with it, but am not in a position to look closely at the state of it at the moment | 19:49 |
gouthamr | i can fix the link to begin with | 19:49 |
fungi | thanks | 19:49 |
fungi | the vmt was/is separate from the ossg, originally the ossg served as the maintainers of the openstack security guide and the openstack security notes publications (not to be confused with security advisories, which the vmt handles) | 19:50 |
gouthamr | does the VMT now handle those bits? or OSSNs are still under the security-sig's purview? | 19:52 |
gouthamr | sorry, i should just read further :D | 19:56 |
gouthamr | https://wiki.openstack.org/wiki/Security-SIG | 19:56 |
fungi | it's fuzzy, there's no clear responsible party, it's more about who feels like taking care of it | 19:56 |
* gouthamr is just used to the "ask fungi" route | 19:57 | |
gouthamr | https://review.opendev.org/c/openstack/project-team-guide/+/947150/ | 20:07 |
gouthamr | https://wiki.openstack.org/wiki/Security_Teams | 20:07 |
gouthamr | i fixed these two ^ | 20:07 |
fungi | thanks!!! | 20:07 |
fungi | also i think we should look at moving anything of importance out of the Security-SIG wiki into a governance-sigs file like i did with https://governance.openstack.org/sigs/tact-sig.html | 20:09 |
gouthamr | very little i'd think | 20:51 |
gouthamr | https://security.openstack.org/ has most of the relevant info | 20:52 |
fungi | yeah, even better idea! | 20:52 |
gouthamr | perhaps only the bits around "how can i help" are missing from it | 20:52 |
fungi | security.o.o should be able to double as a security sig page, with a little minor improvement | 20:53 |
fungi | dunno why it didn't occur to me | 20:54 |
opendevreview | OpenStack Proposal Bot proposed openstack/security-doc master: Updated from openstack-manuals https://review.opendev.org/c/openstack/security-doc/+/947166 | 23:56 |